Educause Security Discussion mailing list archives
Re: Mandatory information security awareness training
From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Thu, 18 Apr 2013 11:11:15 -0500
Much like Samford, Murray State has mandatory training through SANS Securing the Human for al Faculty and Staff. We purchased a large block through REN-ISAC pricing. I believe there is another purchasing window coming up in July. We're also looking into re-training with some components for policy violations. For instance, if your email account is compromised from a phishing attack, you must re-take the email and password modules before your account will be re-activated. Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu ***MSU Information Systems staff will *never* ask for your password or other confidential information via email.*** * * On Thu, Apr 18, 2013 at 10:00 AM, Banks, Teresa E - (tbanks) < tbanks () email arizona edu> wrote:
All three state universities in Arizona (University of Arizona, Arizona State, and Northern Arizona University) have mandatory all-employee awareness. We developed our own, and presented on it at the Educause Security Professionals Conference in 2011. You can find our training at http://security.arizona.edu/infosecessentials.**** ** ** We wanted to make sure we didn’t just cover what auditors required of us – we wanted to help our users understand the WIIFM (What’s in it for me). The program has been very successful. We are in the process of updating it now.**** ** ** If you have questions, please don’t hesitate to contact Kelley Bogart (520-626-8232, bogartk () email arizona edu) or me.**** ** ** Best,**** *Teresa E. Banks* Manager, Information Security **** & Compliance Programs**** University of Arizona Information Security**** tbanks () email arizona edu**** Phone: 520.621.8476**** ** ** *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Self, Dennis *Sent:* Friday, April 12, 2013 2:05 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Mandatory information security awareness training**** ** ** Beth,**** ** ** We have the requirement (not policy yet, but administration agreement) but not everyone has taken it. The training,* Securing the Human* from SANS Institute, has been available for approaching two years.**** ** ** Dennis Self, CISSP**** Director, IT Security & Compliance**** Technology Services**** Samford University**** (205) 726-2692**** ** ** *From: *"Chancellor, Beth C." <ChancellorB () MISSOURI EDU> *Reply-To: *The EDUCAUSE Security Constituent Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *Date: *Friday, April 12, 2013 2:59 PM *To: *<SECURITY () LISTSERV EDUCAUSE EDU> *Subject: *[SECURITY] Mandatory information security awareness training*** * ** ** **** I need to identify institutions that have mandatory information security awareness training for *all employees*. MU has required training for certain segments of our employee population but not for all. Please reply to me if you have already have such a policy that covers everyone.**** **** Thanks,**** Beth**** **** *Beth Chancellor***** *chancellorb () missouri edu***** *MEd, CISSP***** *Associate CIO &***** *Chief Information Security Officer***** *University of Missouri***** *(573) 882-3503***** * ***** ****
Current thread:
- Mandatory information security awareness training Chancellor, Beth C. (Apr 12)
- Re: Mandatory information security awareness training David Curry (Apr 12)
- Re: Mandatory information security awareness training Flynn, Gary - flynngn (Apr 12)
- default reply-to address of SECURITY list Flynn, Gary - flynngn (Apr 12)
- Re: default reply-to address of SECURITY list Valdis Kletnieks (Apr 15)
- Re: Mandatory information security awareness training Self, Dennis (Apr 12)
- Re: Mandatory information security awareness training Banks, Teresa E - (tbanks) (Apr 18)
- Re: Mandatory information security awareness training Drew Perry (Apr 18)
- Re: Mandatory information security awareness training Banks, Teresa E - (tbanks) (Apr 18)
- Re: Mandatory information security awareness training Dan Han (Apr 12)
- Re: Mandatory information security awareness training Jeff Holden (Apr 12)
- Re: Mandatory information security awareness training Palmer, Kevin J. (Apr 12)